gpt4 book ai didi

linux - 有没有办法获取unix套接字连接另一端的uid

转载 作者:IT王子 更新时间:2023-10-29 01:07:54 27 4
gpt4 key购买 nike

有没有办法让 UNIX 域套接字监听器只接受来自特定用户的连接(chmod/chown 不适用于抽象套接字 afaik),或者在另一个word,获取传入连接的 uid(在 Linux 上)?

在 Linux 上使用抽象 unix 套接字的 Dbus 有一个函数 GetConnectionUnixUser,polkit 使用它来确定调用者。所以我想 dbus-daemon 一定有办法做到这一点。有谁知道它是如何工作的?

最佳答案

检查对等凭据的最简单方法是使用 SO_PEERCRED .对套接字 sock 执行此操作:

int len;
struct ucred ucred;

len = sizeof(struct ucred);
if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1)
// check errno

printf("Credentials from SO_PEERCRED: pid=%ld, euid=%ld, egid=%ld\n",
(long) ucred.pid, (long) ucred.uid, (long) ucred.gid);
SO_PEERCRED
Return the credentials of the foreign process connected to
this socket. This is possible only for connected AF_UNIX
stream sockets and AF_UNIX stream and datagram socket pairs
created using socketpair(2); see unix(7). The returned
credentials are those that were in effect at the time of the
call to connect(2) or socketpair(2). The argument is a ucred
structure; define the _GNU_SOURCE feature test macro to obtain
the definition of that structure from <sys/socket.h>. This
socket option is read-only.

来自tlpi example . PostgreSQL有一些其他 unice 的变体。

关于linux - 有没有办法获取unix套接字连接另一端的uid,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9898961/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com